Splunk
SPLK-5002 · Question #20
SPLK-5002 Question #20: Real Exam Question with Answer & Explanation
Sign in or unlock SPLK-5002 to reveal the answer and full explanation for question #20. The question stem and answer options stay visible for context.
Question
A Detection Engineer works closely with SOC leads to define expected analyst workflows, often documented as a Standard Operating Procedure (SOP). Which capability can be used to document expected analyst actions in an investigation?
Options
- AInvestigation notes
- BAdaptive response actions
- CResponse templates
- DCorrelation Search Editor
Unlock SPLK-5002 to see the answer
You've previewed enough free SPLK-5002 questions. Unlock SPLK-5002 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.